Author: keescook-guest Date: 2007-04-19 22:29:46 +0000 (Thu, 19 Apr 2007) New Revision: 5686 Modified: data/CVE/list Log: NFUs: 116 unfixed: apache2 elinks file freeradius kdelibs lha quagga fixed: phpmyadmin Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-04-19 22:24:02 UTC (rev 5685) +++ data/CVE/list 2007-04-19 22:29:46 UTC (rev 5686) 
@@ -1,103 +1,103 @@ CVE-2007-2107 (SQL injection vulnerability in visit.php in the Rha7 Downloads ...) - TODO: check + NOT-FOR-US: Rha7 Downloads CVE-2007-2106 (Directory traversal vulnerability in index.php in Kai Content ...) - TODO: check + NOT-FOR-US: Kai Content Management System CVE-2007-2105 (Directory traversal vulnerability in admin/index.php in Monkey CMS ...) - TODO: check + NOT-FOR-US: Monkey CMS CVE-2007-2104 (Multiple directory traversal vulnerabilities in iXon CMS 0.30 allow ...) - TODO: check + NOT-FOR-US: iXon CMS CVE-2007-2103 (Multiple PHP remote file inclusion vulnerabilities in my little forum ...) - TODO: check + NOT-FOR-US: my little forum CVE-2007-2102 (Cross-site scripting (XSS) vulnerability in weblog.php in my little ...) - TODO: check + NOT-FOR-US: my little weblog CVE-2007-2101 (FAC Guestbook 3.01 stores sensitive information under the web root ...) - TODO: check + NOT-FOR-US: FAC Guestbook CVE-2007-2100 (FAC Guestbook 2.0 stores sensitive information under the web root with ...) - TODO: check + NOT-FOR-US: FAC Guestbook CVE-2007-2099 (Cross-site scripting (XSS) vulnerability in htdocs/php.php in ...) - TODO: check + NOT-FOR-US: OpenConcept Back-End CMS CVE-2007-2098 (Multiple cross-site scripting (XSS) vulnerabilities in showpic.php in ...) - TODO: check + NOT-FOR-US: Wabbit PHP Gallery CVE-2007-2097 (Multiple PHP remote file inclusion vulnerabilities in OpenConcept ...) - TODO: check + NOT-FOR-US: OpenConcept Back-End CMS CVE-2007-2096 (PHP remote file inclusion vulnerability in common.php in Hinton Design ...) - TODO: check + NOT-FOR-US: PHPHD Download System CVE-2007-2095 (PHP remote file inclusion vulnerability in chat.php in MySpeach 1.9 ...) - TODO: check + NOT-FOR-US: MySpeach CVE-2007-2094 (PHP remote file inclusion vulnerability in index.php in Anthologia ...) - TODO: check + NOT-FOR-US: Anthologia CVE-2007-2093 (Direct static code injection vulnerability in index.php in Limesoft ...) 
- TODO: check + NOT-FOR-US: Limesoft Guestbook CVE-2007-2092 (Direct static code injection vulnerability in index.php in Limesoft ...) - TODO: check + NOT-FOR-US: Limesoft Guestbook CVE-2007-2091 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: tsdisplay4xoops CVE-2007-2090 (Cross-site scripting (XSS) vulnerability in index.php in TuMusika ...) - TODO: check + NOT-FOR-US: TuMusika Evolution CVE-2007-2089 (Multiple PHP remote file inclusion vulnerabilities in the Jx ...) - TODO: check + NOT-FOR-US: Jx Development Article component for Mambo and Joomla CVE-2007-2088 (Multiple PHP remote file inclusion vulnerabilities in Sitebar 3.3.5 ...) - TODO: check + NOT-FOR-US: Sitebar CVE-2007-2087 (Multiple PHP remote file inclusion vulnerabilities in CNStats 2.12, ...) - TODO: check + NOT-FOR-US: CNStats CVE-2007-2086 (Multiple PHP remote file inclusion vulnerabilities in CNStats 2.9 ...) - TODO: check + NOT-FOR-US: CNStats CVE-2007-2085 (Cross-site scripting (XSS) vulnerability in oe2edit.cgi in oe2edit CMS ...) - TODO: check + NOT-FOR-US: oe2edit CMS CVE-2007-2084 (PHP remote file inclusion vulnerability in MobilePublisherphp 1.1.2 ...) - TODO: check + NOT-FOR-US: MobilePublisherphp CVE-2007-2083 (vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 ...) NOT-FOR-US: Check Point Zone Labs ZoneAlarm Internet Security Suite CVE-2007-2082 (Direct static code injection vulnerability in admin/settings.php in ...) - TODO: check + NOT-FOR-US: MyBlog CVE-2007-2081 (MyBlog 0.9.8 and earlier allows remote attackers to bypass ...) - TODO: check + NOT-FOR-US: MyBlog CVE-2007-2080 (Multiple SQL injection vulnerabilities in XAMPP 1.6.0a for Windows ...) - TODO: check + NOT-FOR-US: XAMPP CVE-2007-2079 (The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and ...) - TODO: check + NOT-FOR-US: XAMPP CVE-2007-2078 (** DISPUTED ** ...) 
- TODO: check + NOT-FOR-US: Maian Weblog CVE-2007-2077 (PHP remote file inclusion vulnerability in search.php in Maian Search ...) - TODO: check + NOT-FOR-US: Maian Search CVE-2007-2076 (PHP remote file inclusion vulnerability in index.php in Maian Gallery ...) - TODO: check + NOT-FOR-US: Maian Gallery CVE-2007-2075 (ScramDisk 4 Linux before 1.0-1 does not perform permission checks on ...) - TODO: check + NOT-FOR-US: ScramDisk CVE-2007-2074 (Certain programs in containers in ScramDisk 4 Linux before 1.0-1 ...) - TODO: check + NOT-FOR-US: ScramDisk CVE-2007-2073 (PHP remote file inclusion vulnerability in index.php in Ivan Gallery ...) - TODO: check + NOT-FOR-US: Ivan Gallery Script CVE-2007-2072 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: Ivan Gallery Script CVE-2007-2071 (Multiple cross-site scripting (XSS) vulnerabilities in Open-gorotto ...) - TODO: check + NOT-FOR-US: Open-gorotto CVE-2007-2070 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web ...) - TODO: check + NOT-FOR-US: SunShop Shopping Cart CVE-2007-2069 (Directory traversal vulnerability in scr/soustab.php in openMairie ...) - TODO: check + NOT-FOR-US: openMairie CVE-2007-2068 (Multiple PHP remote file inclusion vulnerabilities in the StoreFront ...) TODO: check CVE-2007-2067 (Multiple PHP remote file inclusion vulnerabilities in Marco Antonio ...) - TODO: check + NOT-FOR-US: WebSlider CVE-2007-2066 (UseBB before 1.0.6 allows remote attackers to obtain sensitive ...) - TODO: check + NOT-FOR-US: UseBB CVE-2007-2065 (PHP remote file inclusion vulnerability in db/PollDB.php in Robert ...) - TODO: check + NOT-FOR-US: ActionPoll CVE-2007-2064 (Multiple PHP remote file inclusion vulnerabilities in Robert ...) - TODO: check + NOT-FOR-US: ActionPoll CVE-2007-2063 (SSH Tectia Server for IBM z/OS before 5.4.0, when _BPX_BATCH_UMASK is ...) - TODO: check + NOT-FOR-US: IBM zOS CVE-2007-2062 (Stack-based buffer overflow in VCDGear 3.55 and 3.56 BETA allows ...) 
- TODO: check + NOT-FOR-US: VCDGear CVE-2007-2061 (Cross-site scripting (XSS) vulnerability in check_login.asp in ...) - TODO: check + NOT-FOR-US: MailBee WebMail Pro CVE-2007-2060 (Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 ...) - TODO: check + NOT-FOR-US: Wizz RSS Reader CVE-2007-2059 (Multiple buffer overflows in the ESA protocol implementation in ...) - TODO: check + NOT-FOR-US: eIQnetworks Enterprise Security Analyzer CVE-2007-2058 (Directory traversal vulnerability in Acubix PicoZip 4.02 allows ...) - TODO: check + NOT-FOR-US: Acubix PicoZip CVE-2007-2057 (Stack-based buffer overflow in aircrack-ng airodump-ng 0.7 allows ...) TODO: check CVE-2007-2056 
@@ -111,25 +111,25 @@ CVE-2007-2052 (Off-by-one error in the PyLocale_strxfrm function in ...) TODO: check CVE-2007-2051 (Buffer overflow in the parsecmd function in bftpd before 1.8 has ...) - TODO: check + NOT-FOR-US: bftpd CVE-2007-2050 (Multiple directory traversal vulnerabilities in header.php in ...) - TODO: check + NOT-FOR-US: RicarGBooK CVE-2007-2049 (Multiple PHP remote file inclusion vulnerabilities in the Calendar ...) - TODO: check + NOT-FOR-US: Calendar Module for Mambo CVE-2007-2048 (Directory traversal vulnerability in /console in the Management ...) - TODO: check + NOT-FOR-US: webMethods Glue CVE-2007-2047 (CRLF injection vulnerability in www/delivery/ck.php in Openads 2.3 ...) - TODO: check + NOT-FOR-US: Openads CVE-2007-2046 (Multiple CRLF injection vulnerabilities in adclick.php in (a) Openads ...) - TODO: check + NOT-FOR-US: Openads CVE-2007-2045 (Unspecified vulnerability in the IP implementation in Sun Solaris 8 ...) - TODO: check + NOT-FOR-US: Sun Solaris CVE-2007-2044 (PHP remote file inclusion vulnerability in mod_weather.php in the ...) - TODO: check + NOT-FOR-US: Weather module for Mambo and Joomla CVE-2007-2043 (Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde ...) - TODO: check + NOT-FOR-US: MOSMedia Lite CVE-2007-2042 (Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde ...) - TODO: check + NOT-FOR-US: MOSMedia Lite CVE-2007-2041 (Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ...) TODO: check CVE-2007-2040 (Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points ...) 
@@ -151,129 +151,129 @@ CVE-2007-2032 (Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded ...) TODO: check CVE-2007-2031 (Buffer overflow in the HTTP proxy service for 3proxy 0.5 to 0.5.3g, ...) - TODO: check + NOT-FOR-US: 3proxy CVE-2007-2030 (lharc.c in lha does not securely create temporary files, which might ...) - TODO: check + - lha <unfixed> (low) CVE-2007-2029 RESERVED CVE-2007-2028 (Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to ...) - TODO: check + - freeradius <unfixed> (low) CVE-2007-2027 (Untrusted search path vulnerability in the add_filename_to_string ...) - TODO: check + - elinks <unfixed> (bug #417789; medium) CVE-2007-2026 (The gnu regular expression code in file 4.20 allows context-dependent ...) - TODO: check + - file <unfixed> (medium) CVE-2007-2025 (Unrestricted file upload vulnerability in the UpLoad feature ...) - TODO: check + NOT-FOR-US: PhpWiki CVE-2007-2024 (Unrestricted file upload vulnerability in the UpLoad feature ...) - TODO: check + NOT-FOR-US: PhpWiki CVE-2007-2023 (USB20.dll in Secustick USB flash drive decouples the authorization and ...) - TODO: check + NOT-FOR-US: Secustick USB flash drive CVE-2007-2022 (Unspecified vulnerability in the Adobe Macromedia Flash Player 7.x and ...) - TODO: check + - kdelibs <unfixed> (low) CVE-2007-2021 (Multiple PHP remote file inclusion vulnerabilities in Pineapple ...) - TODO: check + NOT-FOR-US: Pineapple Technologies Lore CVE-2007-2020 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: xodagallery CVE-2007-2019 (PHP remote file inclusion vulnerability in init.gallery.php in ...) - TODO: check + NOT-FOR-US: phpGalleryScript CVE-2007-2018 (SQL injection vulnerability in msg.php in AlstraSoft Video Share ...) - TODO: check + NOT-FOR-US: AlstraSoft Video Share Enterprise CVE-2007-2017 (siteadmin/useredit.php in AlstraSoft Video Share Enterprise does not ...) 
- TODO: check + NOT-FOR-US: AlstraSoft Video Share Enterprise CVE-2007-2016 (Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in ...) - TODO: check + - phpmyadmin 4:2.6.2-3 (unimportant) CVE-2007-2015 (PHP remote file inclusion vulnerability in index.php in Request It ...) - TODO: check + NOT-FOR-US: Request It CVE-2007-2014 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: MyNews CVE-2007-2013 (Cross-site scripting (XSS) vulnerability in index.php in JEx-Treme ...) - TODO: check + NOT-FOR-US: Passworschutz CVE-2007-2012 (Multiple directory traversal vulnerabilities in MimarSinan CompreXX ...) - TODO: check + NOT-FOR-US: CompreXX CVE-2007-2011 (Cross-site scripting (XSS) vulnerability in login.php in DeskPro 2.0.1 ...) - TODO: check + NOT-FOR-US: DeskPro CVE-2007-2010 (Double-free vulnerability in bftpd before 1.8 allows remote ...) - TODO: check + NOT-FOR-US: bftpd CVE-2007-2009 (PHP remote file inclusion vulnerability in index.php in SimpCMS Light ...) - TODO: check + NOT-FOR-US: SimpCMS Light CVE-2007-2008 (Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 ...) - TODO: check + NOT-FOR-US: pL-PHP CVE-2007-2007 (admin.php in pL-PHP beta 0.9 allows remote attackers to bypass ...) - TODO: check + NOT-FOR-US: pL-PHP CVE-2007-2006 (Multiple SQL injection vulnerabilities in login.php in pL-PHP beta 0.9 ...) - TODO: check + NOT-FOR-US: pL-PHP CVE-2007-2005 (Multiple PHP remote file inclusion vulnerabilities in the Taskhopper ...) - TODO: check + NOT-FOR-US: Taskhopper component for Mambo and Joomla CVE-2007-2004 (Multiple SQL injection vulnerabilities in InoutMailingListManager 3.1 ...) - TODO: check + NOT-FOR-US: InoutMailingListManager CVE-2007-2003 (InoutMailingListManager 3.1 and earlier sends a Location redirect ...) - TODO: check + NOT-FOR-US: InoutMailingListManager CVE-2007-2002 (InoutMailingListManager 3.1 and earlier allows remote attackers to ...) 
- TODO: check + NOT-FOR-US: InoutMailingListManager CVE-2007-2001 (Multiple direct static code injection vulnerabilities in ...) - TODO: check + NOT-FOR-US: Crea-Book CVE-2007-2000 (Multiple SQL injection vulnerabilities in admin/admin.php in Crea-Book ...) - TODO: check + NOT-FOR-US: Crea-Book CVE-2007-1999 (PHP remote file inclusion vulnerability in index.php in Weatimages ...) - TODO: check + NOT-FOR-US: Weatimages CVE-2007-1998 (Direct static code injection vulnerability in HIOX Guest Book (HGB) ...) - TODO: check + NOT-FOR-US: HIOX Guest Book CVE-2007-1997 (Integer signedness error in the (1) cab_unstore and (2) cab_extract ...) TODO: check CVE-2007-1996 (PHP remote file inclusion vulnerability in codebreak.php in CodeBreak, ...) - TODO: check + NOT-FOR-US: CodeBreak CVE-2007-1995 (bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier ...) - TODO: check + - quagga <unfixed> (low) CVE-2007-1994 (Unspecified vulnerability in the Address and Routing Parameter Area ...) - TODO: check + NOT-FOR-US: HP-UX ARPA transport CVE-2007-1993 (Buffer overflow in the pfs_mountd.rpc RPC daemon in the Portable File ...) - TODO: check + NOT-FOR-US: HP-UX Portable File System CVE-2007-1992 (Multiple PHP remote file inclusion vulnerabilities in the com_zoom 2.5 ...) - TODO: check + NOT-FOR-US: com_zoom CVE-2007-1991 (Cross-site scripting (XSS) vulnerability in mail/signup.asp in ...) - TODO: check + NOT-FOR-US: CmailServer WebMail CVE-2007-1990 (PHP remote file inclusion vulnerability in games.php in Sam Crew ...) - TODO: check + NOT-FOR-US: MyBlog CVE-2007-1989 (Multiple cross-site scripting (XSS) vulnerabilities in DotClear before ...) - TODO: check + NOT-FOR-US: DotClear CVE-2007-1988 (Cross-site scripting (XSS) vulnerability in kernel/filters.inc.php in ...) - TODO: check + NOT-FOR-US: PHPEcho CMS CVE-2007-1987 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: PHPEcho CMS CVE-2007-1986 (Multiple PHP remote file inclusion vulnerabilities in barnraiser ...) 
- TODO: check + NOT-FOR-US: AROUNDMe CVE-2007-1985 (Multiple PHP remote file inclusion vulnerabilities in ...) - TODO: check + NOT-FOR-US: phpexplorator CVE-2007-1984 (PHP remote file inclusion vulnerability in index.php in lite-cms 0.2.1 ...) - TODO: check + NOT-FOR-US: lite-cms CVE-2007-1983 (PHP remote file inclusion vulnerability in include/default_header.php ...) - TODO: check + NOT-FOR-US: Cyboards PHP Lite CVE-2007-1982 (Multiple PHP remote file inclusion vulnerabilities in Really Simple ...) - TODO: check + NOT-FOR-US: Really Simple PHP and Ajax CVE-2007-1981 (The safevoid_vsnprintf function in Metamod-P 1.19p29 and earlier on ...) - TODO: check + NOT-FOR-US: Metamod-P CVE-2007-1980 (SQL injection vulnerability in index.php in the Topliste 1.0 module ...) - TODO: check + NOT-FOR-US: Topliste module for PHP-Fusion CVE-2007-1979 (SQL injection vulnerability in index.php in the PopnupBlog 2.52 and ...) - TODO: check + NOT-FOR-US: PopnupBlog module for Xoops CVE-2007-1978 (SQL injection vulnerability in index.php in the Arcade 1.00 module for ...) - TODO: check + NOT-FOR-US: Arcade module for PHP-Fusion CVE-2007-1977 (Cross-site scripting (XSS) vulnerability in index_cms.php in holaCMS ...) - TODO: check + NOT-FOR-US: holaCMS CVE-2007-1976 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: Virii Info module for Xoops CVE-2007-1975 (Multiple PHP remote file inclusion vulnerabilities in SLAED CMS 2 ...) - TODO: check + NOT-FOR-US: SLAED CMS CVE-2007-1974 (SQL injection vulnerability in the getArticle function in ...) - TODO: check + NOT-FOR-US: Xoops modules CVE-2007-1973 (Race condition in the Virtual DOS Machine (VDM) in the Windows Kernel ...) TODO: check CVE-2007-1972 RESERVED CVE-2006-7194 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: Agora CVE-2006-7193 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: disputed (SMARTY_DIR is a constant) CVE-2003-1325 (The SV_CheckForDuplicateNames function in Valve Software Half-Life ...) 
TODO: check CVE-2007-XXXX [mydms SQL injection] @@ -485,13 +485,13 @@ CVE-2007-1875 RESERVED CVE-2007-1874 (Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions ...) - TODO: check + NOT-FOR-US: Adobe ColdFusion MX CVE-2007-1873 (Cross-site scripting (XSS) vulnerability in mephisto 0.7.3 allows ...) - TODO: check + NOT-FOR-US: mephisto CVE-2007-1872 (Cross-site scripting (XSS) vulnerability in toendaCMS 1.5.3 allows ...) - TODO: check + NOT-FOR-US: toendaCMS CVE-2007-1871 (Cross-site scripting (XSS) vulnerability in chcounter 3.1.3 allows ...) - TODO: check + NOT-FOR-US: chcounter CVE-2007-1870 (lighttpd before 1.4.14 allows attackers to cause a denial of service ...) TODO: check CVE-2007-1869 (lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial ...) @@ -796,11 +796,11 @@ CVE-2007-1744 RESERVED CVE-2007-1743 (suexec in Apache HTTP Server (httpd) 2.2.3 does not verify ...) - TODO: check + - apache2 <unfixed> (unimportant) CVE-2007-1742 (suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison ...) - TODO: check + - apache2 <unfixed> (unimportant) CVE-2007-1741 (Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 ...) - TODO: check + - apache2 <unfixed> (unimportant) CVE-2007-1740 REJECTED CVE-2007-1739 (Heap-based buffer overflow in the LDAP server in IBM Lotus Domino ...) @@ -947,7 +947,7 @@ CVE-2007-1675 (Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP ...) NOT-FOR-US: IBM Lotus Domino CVE-2007-1674 (Stack-based buffer overflow in the Alert Service (aolnsrvr.exe) in ...) - TODO: check + NOT-FOR-US: LANDesk Management Suite CVE-2007-1673 RESERVED CVE-2007-1672 
@@ -1680,9 +1680,9 @@ CVE-2007-1365 (Buffer overflow in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 allows ...) NOT-FOR-US: OpenBSD Kernel CVE-2007-1364 (DropAFew before 0.2.1 does not require authorization for certain ...) - TODO: check + NOT-FOR-US: DropAFew CVE-2007-1363 (Multiple SQL injection vulnerabilities in DropAFew before 0.2.1 allow ...) - TODO: check + NOT-FOR-US: DropAFew CVE-2007-1362 RESERVED CVE-2007-1361 (Cross-site scripting (XSS) vulnerability in virtuemart_parser.php in ...)
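Review bot: in the first hunk (-1,103) the annotation for CVE-2007-2063 reads "NOT-FOR-US: IBM zOS" while the description names "SSH Tectia Server for IBM z/OS", so the NFU names the platform rather than the affected product; the usual form names the product, e.g. `NOT-FOR-US: SSH Tectia Server`. Two entries in the same hunk are left as "TODO: check" while everything around them is resolved, CVE-2007-2068 (StoreFront) and CVE-2007-2057 (stack-based buffer overflow in aircrack-ng airodump-ng); if those are deliberately deferred, a short note saying why would save the next triager from re-reading them.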
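Review bot: in the -111,25 hunk CVE-2007-2052 (off-by-one in PyLocale_strxfrm) and CVE-2007-2041 (Cisco Wireless LAN Controller) stay "TODO: check"; the PyLocale one is a Python locale-module issue rather than a PHP web application, so it most likely needs a package annotation in a follow-up rather than an NFU, and it would be worth saying so in the entry rather than leaving a bare TODO.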
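Review bot: in the -151,129 hunk CVE-2007-2022 is mapped to "- kdelibs <unfixed> (low)" but the visible description only names Adobe Macromedia Flash Player 7.x and 8.x, so a NOTE line explaining why kdelibs is the affected Debian package would help a later reader. Of the new package annotations here only elinks carries a bug reference ("bug #417789"); lha, freeradius, file and quagga (CVE-2007-1995, same hunk) have none, so either file bugs and record the numbers or note that upstream fixes are pending. The NFU for CVE-2007-2013 reads "Passworschutz" while the description names JEx-Treme; double-check the product name and its spelling. CVE-2007-1997 (integer signedness error in cab_unstore and cab_extract) is also left at "TODO: check" in this hunk.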
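Review bot: in the -485,13 hunk the two lighttpd denial-of-service entries (CVE-2007-1870 and CVE-2007-1869) remain "TODO: check" in the surrounding context; unlike the NFU web applications being closed around them these are server daemon issues, so they deserve a package annotation before the next sweep.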
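Review bot: in the -796,11 hunk the three suexec issues (CVE-2007-1741 to CVE-2007-1743) are all marked "- apache2 <unfixed> (unimportant)" with no reason given; since that severity differs from the "low" and "medium" ratings the other unfixed entries in this commit receive (lha, freeradius, quagga, elinks, file), a NOTE line stating why these are rated unimportant would make the rating reviewable later.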